General
Target: b4c10799213a8c9d897e0308aa081d4e
Size: 1.3MB
Sample: 240305-p8hfwagc57
MD5: b4c10799213a8c9d897e0308aa081d4e
SHA1: 3e8c1cef0003df477bc9eb06766b583b7907270f
SHA256: 18b6270f3c007da456cb90681675d76c1495e2cc6c1be1965ffb4c12026b0921
SHA512: cb6243e1ef251cad4f6b2366805372a56f14cb77d617fa81b694c536ce32e2d18f1acd3a683a84729b10831a14a5bff6315b015b76a08e22ed358c5b269debb1
SSDEEP: 12288:5MMpXKb0hNGh1kG0HWnALbgMMpXKb0hNGh1kG0HWnALbXU:5MMpXS0hN0V0HkMMpXS0hN0V0HQ
Behavioral task: behavioral1
Sample: b4c10799213a8c9d897e0308aa081d4e.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b4c10799213a8c9d897e0308aa081d4e.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: b4c10799213a8c9d897e0308aa081d4e
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Renames multiple (91) files with added filename extension. This suggests ransomware activity: encrypting the files on the system.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file. Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory